<?php
// Access gate for this page: execution continues only when isGod() or
// getRights($mod,'full') returns a truthy value. getRights() is not called
// when isGod() already passed. Otherwise the "no permission to access this
// page" message is shown and the request ends before any POST data is read.
$mayManage = isGod() || getRights($mod,'full');
if ( !$mayManage )
{
	showMsg('Không có quyền truy cập vào trang này !','error','center');
	exit();
}
	
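// Save the per-module access flags of one group into the `gaccess` table.
//
// POST fields read below:
//   totalModule  number of module rows in the submitted form
//   gid          id of the group being edited
//   chk<i>_0..3  view / add / edit / delete checkbox of row i; a ticked box
//                carries a value whose second "_"-separated part is the
//                module name
//   hid<i>       module name of row i, used when no box of the row is ticked
//
// Every one of these is client-controlled and ends up inside SQL text, so
// each is validated before use: the two numbers must be plain digit strings
// and module names must match a strict allowlist (no quotes, backslashes or
// whitespace). The previous addslashes() handling did not protect the
// unquoted `gid=` comparisons and never touched the module names, and
// get_magic_quotes_gpc() no longer exists in PHP 8.
//
// NOTE(review): values are still concatenated because the API of $link is
// not visible in this file; if it accepts bound parameters, prefer those.
// NOTE(review): no anti-CSRF token is checked in this file; confirm the
// including page verifies one before this state-changing code runs.
$rawTotal = isset($_POST['totalModule']) ? $_POST['totalModule'] : '';
$rawGid = isset($_POST['gid']) ? $_POST['gid'] : '';

$totalModule = ( is_string($rawTotal) && preg_match('/^[0-9]+\z/', $rawTotal) ) ? (int) $rawTotal : 0;
$gidIsValid = ( is_string($rawGid) && preg_match('/^[0-9]+\z/', $rawGid) );
$gid = $gidIsValid ? (int) $rawGid : 0;

// Ceiling on the loop so a forged totalModule cannot keep the request busy.
// Constructed value, not taken from the project: set it to the real maximum.
$maxModules = 1000;
if ( $totalModule > $maxModules )
{
	$totalModule = $maxModules;
}
// Without a usable group id no row may be touched at all.
if ( !$gidIsValid )
{
	$totalModule = 0;
}

// Allowlist for module names placed between single quotes in the queries.
// NOTE(review): assumes module names are ASCII letters, digits, "_" or "-";
// widen deliberately if the project uses other characters.
$modulePattern = '/^[A-Za-z0-9_-]+\z/';

// Checkbox suffix => column, in the positional order of the INSERT below.
$actions = array(0 => 'view', 1 => 'add', 2 => 'edit', 3 => 'delete');

for ( $i = 0 ; $i < $totalModule ; $i++ )
{
	$flags = array();
	$assignments = array();
	$moduleFromBox = '';

	foreach ( $actions as $pos => $column )
	{
		$key = 'chk' . $i . '_' . $pos;
		// Arrays (chk0_0[]=...) are treated as "not ticked" instead of reaching explode().
		$value = ( isset($_POST[$key]) && is_string($_POST[$key]) ) ? $_POST[$key] : '';
		$bit = ( $value !== '' ) ? 1 : 0;

		$flags[] = $bit;
		$assignments[] = '`' . $column . '`=' . $bit;

		if ( $bit === 1 )
		{
			// As before, the last ticked box of the row supplies the module name.
			$parts = explode('_', $value);
			$moduleFromBox = isset($parts[1]) ? $parts[1] : '';
		}
	}

	if ( array_sum($flags) > 0 )
	{
		// At least one right is granted: update the row, or insert it if missing.
		if ( !preg_match($modulePattern, $moduleFromBox) )
		{
			continue;	// malformed or hostile module name: leave the table alone
		}

		$where = " WHERE gid=" . $gid . " AND modname='" . $moduleFromBox . "'";

		// Look for an existing row to decide between UPDATE and INSERT.
		$existing = $link->execute("SELECT * FROM gaccess" . $where);
		if ( !is_object($existing) )
		{
			continue;	// lookup did not yield a result object: do not guess
		}

		if ( !$existing->EOF )
		{
			$link->execute("UPDATE gaccess SET " . implode(',', $assignments) . $where);
		}
		else
		{
			$link->execute("INSERT INTO gaccess VALUES(" . $gid . ",'" . $moduleFromBox . "'," . implode(',', $flags) . ")");
		}
	}
	else
	{
		// No right is granted for this row: remove the group's entry for the module.
		$modName = ( isset($_POST['hid' . $i]) && is_string($_POST['hid' . $i]) ) ? $_POST['hid' . $i] : '';
		if ( preg_match($modulePattern, $modName) )
		{
			$link->execute("delete from gaccess where gid='" . $gid . "' and modname='" . $modName . "'");
		}
	}
}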

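// Send the browser back to the UManager module of admin.php once the flags are saved.
header('Location: admin.php?mod=UManager');
// End the request here so that no code of an including script runs, and no
// further output is sent, after the redirect header.
exit;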
?>